Platform SDK: Active Directory, ADSI, and Directory Services |
All ADSI programs have one thing in common: binding. To use ADSI methods and properties, you must bind an object to a computer, a domain controller, a user, or some other item in a machine's directory structure. Once bound, you may read or change the properties of the object, and you may invoke any methods relevant to that particular type of object.
ADSI binding syntax looks like this:
Set myObj = GetObject("WinNT://Domain/Machine/Object,Class")
The argument to GetObject is called the binding string. An ADSI binding string consists of two parts:
WinNT:
)//Domain/Machine/Object,Class
)The provider part of the string indicates what type of namespace to bind to. ADSI ships with four different providers.
Provider | Purpose |
---|---|
WinNT: |
For communicating with Windows NT 4.0 Primary Domain Controllers (PDCs) and Backup Domain Controllers (BDCs). |
LDAP: |
For communicating with LDAP servers, including Exchange 5.x directory and Windows 2000 Active Directory. |
NDS: |
For communicating with Novell Directory Services servers. |
NWCOMPAT: |
For communicating with Novell NetWare servers. |
The provider is case sensitive; WinNT is different from WINNT, so be sure to spell the name correctly. This tutorial will focus primarily on the WinNT provider.
If you supply only the provider in the binding string (for example, "WinNT:"), ADSI will bind to the root of the provider's namespace and allow access to all the objects in the enterprise.
Usually, you will want to bind to a more specific object than the entire namespace. The path allows you to do this.
To bind to the root of a specific domain, use the following format:
Set myObj = GetObject("WinNT://MyDomain")
You can also bind to a specific computer without specifying a domain name. If the computer you bind to is not a domain controller, the provider will bind to the local machine accounts. The syntax looks like this:
Set myObj = GetObject("WinNT://Server01,computer")
Binding to objects below the level of computer is also possible with the following format:
Set myObj = GetObject("WinNT://MyDomain/dc01/Bob,user")
This will bind to the user Bob on the domain controller dc01 in the domain MyDomain.
The part of the binding string after the comma is called the class specifier, and it is optional. Class specifiers are useful to prevent ambiguity between object names. In the last example, specifying user
insures that if there is also a computer named Bob in the dc01 domain controller, the provider will bind to the user Bob instead of to the computer.